US 7421399 B2
A method of discouraging healthcare fraud in conjunction with providing a health care service to a patient in which the patient provides a biometric signature. An event record is created where the event record creates an association between the biometric signature, a patient identifier, and location information indicating a location at which the biometric signature is obtained. The event record is stored in a central data store and can be later retrieved to verify the patient was present at the location.
1. A method of discouraging healthcare fraud comprising:
causing a patient to provide a biometric signature on a date and at a location where the health care service is provided;
capturing said biometric signature;
creating a record that records said patient was at said location at a particular time and/or date, said record comprising a patient identifier, said biometric signature, location information indicating said particular location at which said biometric signature is obtained;
storing said record in a computerized data store, wherein said record corresponds to reimbursement information and said location information in said record provides evidence that a particular patient was at a suitable location for providing said healthcare services;
providing an interface to said computerized data store wherein said interface receives said reimbursement information and determines whether a record in said computerized data store matches said reimbursement information;
determining whether said record corresponds to said reimbursement information wherein the absence of a positive match indicates a phantom bill;
indicating to a payer entity whether said particular patient was at a suitable location for providing said healthcare services based on said determination.
2. The method of
3. The method of
4. The method of
5. The method of
6. The method of
receiving a claim for reimbursement for said health care services;
retrieving one or more records corresponding to said health care services from said data store;
matching said claim for reimbursement to a record for a particular patient to determine whether said one or more records indicate that said patient was at a suitable location for providing said health care services; and
authorizing financial reimbursement of said health care service based in part upon said determination that said patient was present at a location suitable for providing said health care service.
7. The method of
retrieving one or more records from said data store; and
performing a fraud detection process using said retrieved records.
8. The method of
9. The method of
including within said record an indication of consumable materials used during provision of said healthcare services.
10. The method of
including within said record and indication of equipment used during provision of said healthcare services.
11. The method of
including within said record an indication of procedures performed during said provision of said healthcare services.
12. The method of
13. The method of
14. The method of
15. The method of
This application is a continuation of U.S. Ser. No. 10/348,931 entitled SYSTEM AND METHOD FOR IMPLEMENTING HEALTHCARE FRAUD COUNTERMEASURES filed on Jan. 22, 2003 now U.S. Pat. No. 7,209,886 which is incorporated herein by reference.
1. Field of the Invention
The present invention relates, in general, to systems and method for discouraging fraud, and, more particularly, to software, systems and methods for discouraging and preventing healthcare fraud.
2. Relevant Background
In the United States, for example, more than 4 billion health insurance benefit transactions are processed every year. These benefit transactions are handled by private health insurance plans as well as tax-funded insurance programs such as Medicare and Medicaid. Healthcare fraud is the deliberate submittal of false claims for reimbursement to these private health payers and public programs. In either case, society at large ultimately suffers from these loses of healthcare fraud through higher health insurance premiums, restricted benefits, higher taxes and higher insurance co-payments for privately and publicly insured patients.
Even though only a small percentage of these transactions are fraudulent, the total value of the losses caused by this fraud is staggering. The National Health Care Anti-Fraud Association reports that health care fraud resulted in theft of $1.3 trillion in calendar-year 2000 alone. On Feb. 21, 2002, the United States Department of Health and Human Services reported its finding that of the $191.8 billion in claims paid in 2001, 6.3 percent—amounting to $12.1 billion—should not have been paid due to erroneous billing or payment, inadequate provider documentation of services to back up the claims and/or outright fraud.
One of the largest single sources of health care fraud is dishonest health care providers (e.g., physicians, chiropractors, osteopaths, and alternative-medicine care givers). Although the vast majority of health care providers are honest, the dishonest minority are uniquely situated to conduct systemic, ongoing and broad scale fraud that has been, until now, difficult to detect and prove. For example, health care providers have access to patient identities and insurance/Medicare/Medicaid information of those patients, knowledge of the reimbursement processes, access to the provider reimbursement systems, and a familiarity with fraudulent claims that are difficult to detect.
A common fraud involves billing for services that were never rendered. This may involve using genuine patient information to fabricate entire claims or may involve padding claims with charges for procedures or services that did not take place. In a common scenario, a health care provider gains authority to perform a series of treatments over a period of time, then performs only some of the treatments while submitting reimbursement for the entire series. While current regulations require a patient signature indicating that services were performed, a dishonest provider often convinces the patient to sign these verification forms in advance. The patient may or may not be aware of the fraud. Currently, unless the patient discovers and informs the insurance company or government program that they did not receive the services, the fraud is difficult to detect.
The existence of dishonest providers harms the vast majority of honest providers in that all providers are subject to increased scrutiny, more complex forms, and allegations of fraud stemming from innocent mistakes in handling claims. As a result, fraud creates a chilling effect on all honest care providers that desire to give their patients the best care possible. This chilling effect impacts courts, regulatory agencies, and the legal system as well as the existence of fraud creates a cloud of doubt around all people who submit or prosecute claims for health care reimbursement on behalf of victims of accidents, on-the-job injuries, and other legitimate reimbursable claims.
The current response to healthcare fraud involves creating criminal and civil penalties for abuse. While such steps are necessary, they have limited effect unless the fraud can be discovered and proven. Discovery is difficult and insurance companies and government agencies are expending greater and greater resources in anti-fraud processes. More recently, “whistleblower” programs are being used to encourage fraud reporting by patients themselves. However, because patients implicitly trust their healthcare providers and often lack the sophisticated knowledge to detect fraud, these programs have limited effect.
Technological solutions have been proposed that involve collecting data about healthcare transaction and using data mining and sophisticated matching techniques to identify some types of fraud. While such systems can be useful in detecting some fraud such as double billing, over prescription, and the like, they are not generally useful to detect all fraud relating to submission of claims for services that have not been provided. These solutions rely on databases that hold detailed information about patients and medical histories of those patients. New regulations under the health insurance portability and privacy act make it more difficult or impossible to collect and use such information.
Accordingly, a need exists for systems, methods, and software that discourage and prevent healthcare fraud.
Briefly stated, the present invention involves a system that uses biometric information unique to an individual combined with location information to create a persistent record indicating that a particular person was physically present at a particular place. Specifically, the present invention provides methods of discouraging healthcare fraud in conjunction with providing a health care service to a patient in which the patient provides a biometric signature. An event record is created where the event record creates an association between the biometric signature, a patient identifier, and location information indicating a location at which the biometric signature is obtained. The event record is stored in a central data store and can be later retrieved to verify the patient was present at the location. In terms of deterring health care fraud, the invention makes it significantly more difficult to submit claims for healthcare services that were not provided and significantly easier to detect a variety of fraudulent or erroneous reimbursement practices.
In a particular implementation, the present invention involves a system that uses biometric information unique to an individual to verify that a patient is physically present at a place of treatment (i.e., in a health care providers office). Biometric systems have been used to identify and authenticate individuals in a variety of contexts. These systems, for example, create a database containing biometric information about a plurality of known or authorized individuals. Prior to performing a service for the individual, a fingerprint scan, or other biometric signature, of an individual is taken and the scan information is used to access the database. The database returns other information such as the individual's name, photograph, signature, or the like that can be used to authenticate the identity of the individual.
Unlike these prior systems, however, the present invention is not primarily concerned with identifying an individual or authenticating that an individual is who he/she represents himself/herself to be. While the present invention could operate in conjunction with such systems, such operation is not required. Instead, the present invention desires to create a record, called an “event record”, that records that a particular individual was at a particular location at a particular time. This simple record does not require a database of authorized users or sophisticated matching algorithms to correlate biometric information with stored biometric records, although the biometric information obtained by the present invention may also be used in conjunction with these identification/authorization systems. Unlike prior systems, the event record is preserved in a database for future reference should it be necessary to validate the individuals presence at a particular location.
The present invention is illustrated and described in terms of a distributed computing environment such as an enterprise computing system using public communication channels such as the Internet. However, an important feature of the present invention is that it is readily scaled upwardly and downwardly to meet the needs of a particular application. Accordingly, unless specified to the contrary the present invention is applicable to significantly larger, more complex network environments as well as small network environments such as conventional LAN systems.
The present invention is described in terms of several specific implementations which use specific data record formats, data gathering devices, and protocols. It should be understood that, unless stated to the contrary, the present invention is readily modified and extended to use other formats, devices, and protocols that are available to a particular implementation. For example, fingerprint scanners are a widely available, cost effective biometric tool used in the specific embodiments, but any type of biometric signature may be used including face recognition, retinal scan, voice recognition, gait recognition, and the like, so long as the biometric technique generates a unique digital signature that can be captured and stored. Moreover, the present invention is particularly useful in discouraging healthcare fraud, but may be used in any application where it is desirable to create an auditable record of where an individual is at a particular time.
In accordance with the present invention, each health care provider 103 is associated with an identifiable physical location at which patients or clients receive services. When a patient or client visits the health care provider location, one or more records 105 of that visit, called “event records”, are generated and transferred to event record archive services 109. Various types and formats of event records 105 are contemplated by the present invention, but an important record type includes biometric signature information of the patient, a unique identification of the healthcare provider 103, and a timestamp indicating when the patient visited the healthcare provider 103.
Payer entities 107 have obligations to reimburse health care providers 103 for certain claims when services are provided to insured patients. Currently, payers 107 essentially reimburse all claims made by health care providers 103 on the assumption that all of these claims are valid absent some indication of dishonesty. Because of the complexity of both the insurance industries and the health care services industry, detecting fraud has been difficult.
In accordance with the present invention, central event storage services entity 109 retains and archives records 105 in a data store 113. In a particular example, these records are maintained on a patient-by-patient basis and include an auditable history of visits by a patient to one or more health care providers 103 including the date and time of such visits. Using this information, a particular claim for reimbursement can be readily correlated to a particular record to verify that a patient was at least present at the health care provider's location at the time the services were rendered. In some implementations the event storage services 109 will provide information to appropriate payer entities so that claims management software processes implemented by the payer 107 can be used to verify claims. In other implementations event storage services 109 will implement the validation processes. In yet other implementations, event storage services 109 acts as a clearinghouse to validate claims before they are submitted to payers 107. In yet other implementations, requests for validation and/or transfer of records 105 can be handled over PSTN 111 using either data or voice communication channels. The selection of the particular implementation or group of implementations can be readily altered to meet the needs of a particular application.
As shown in
Patient interface 201 is coupled to or includes a biometric signature device 203. In the particular implementation this device comprises a fingerprint scanner such as a “hamster” sold by SecuGen Biometric Solutions of Milpitas, Calif. or a Morphotouch by Sagem Morpho, Inc. in Tacoma, Wash. However, the present invention is largely vendor independent and a number of alternative fingerprint scanning devices are available. Moreover, biometric signature device 203 is readily implemented using any available device that is capable of generating a unique signature based on the physical presence of a person at the patient interface 201. In the case of a fingerprint scanner, biometric signature device 203 outputs a binary sequence of a preselected length (e.g., 128-byte or 512-byte, etc.) that is referred to as the fingerprint minutia.
Patient interface 201 desirably includes mechanisms to reliably determine a date/time at which the biometric signature was captured. This is readily implemented by a system clock in a conventional computer system, or by obtaining clock signals from external sources. In some implementations the patient interface includes mechanisms and software for providing location information. The location information can be fixed in the patient interface in the form of a stored value, such as the health care providers identification number. Alternatively, this information can be provided by geographic locating systems such as the global positioning system (GPS) and the like.
Patient interface 201 uses this biometric signature to generate one or more types of messages. Patient interface 201 implements two important types of transactions in a particular invention. Initially, a patient is enrolled or registered to initiate creation of a patient record with event storage system 109 using an “enrollment record” 501 shown in
Patient interface 201 includes, for example, processes to prompt the patient to identify himself/herself and operate the biometric signature device 203. The patient identification may involve typing or speaking a name, ID number, social security number, insurance identification, or some other information that is substantially unique to the patient. Alternatively, the biometric signature can itself be used to identify a patient, although such an implementation involves somewhat more complex technologies in that the signature needs to be matched against a database of biometric signatures to distinguish the patient.
An enrollment transaction can be initiated automatically or semi-automatically in response to determining that a patient record does not exist. In this case the patient is prompted using interface 201 to provide additional information such as date of birth, address, phone number, insurance information and the like to meet the needs of a particular application. The biometric signature and other information gathered are packaged into a data packet containing appropriate header/trailer information and a command code indicating a particular transaction (i.e., enrollment or update). The data packet may be implemented as an XML document in a particular implementation. The formed record is transferred, using encryption if desired, to event storage system 109.
Record 301 comprises a first portion 303 that includes patient identification information and a number of entries where each entry refers to a specific patient visit. The patient ID field comprises unique information about the patient such as social security number, date of birth, address, an assigned ID number, phone number, insurance information, and the like. In a simplified example, each patient record 301 contains a unique social security number that is used to access the patient record 301.
In the embodiment of
Patient record 301 also includes a lower portion 305 that serves as an access log or journal. Portion 305 comprises an arbitrary number of entries where each entry identifies an event entry from the portion 303, and records access information such as when and who requested access to a particular entry within patient record 301. In particular implementations the entries in lower portion 305 may include various metadata describing the access request that might record individual credentials of the person causing the access, command codes indicating the nature of the request (e.g., read or modify), and/or a purpose code indicating to what use the information would be used. This log/journal information can be used later to verify and demonstrate the integrity of the data.
The embodiment of
Event storage system 109 uses the event record information to identify a patient record 301/401 that corresponds to the event record. For example, where patient records 301/401 are indexed by social security number, the social security number information in an event record can be used to identify a particular patient record. In cases where the patient records 301/401 are indexed by fingerprint minutia, the fingerprint minutia within an event record is to identify a particular patient record. When it is determined that a record exists, the present invention initiates processes that update the patient record with a new entry that records the patient visit to the health care provider 103.
When it is determined that a patient record does not exist, the present invention requests additional detailed information that is desired to establish a new patient record 301/401. Patient interface 201 implements processes to obtain the desired information, and generates an enrollment message 601 back to event storage system 109. Event storage system 109 creates the new patient record, and updates the new patient record to reflect the current event record information (i.e., provider identification, timestamp, and the like). Optionally, the event storage system 109 will send an acknowledgement message to the patient interface to confirm that the patient record has been successfully updated. This acknowledgement message can be used to generate a receipt of some kind for a patient. In the event an acknowledgement message is not received, patient interface 201 may cache the particular request for later handling.
In either the embodiment of
In some instances a biometric signature that is captured will fail to match the reference biometric signature for a particular patient identification. This can occur when, for example, the patient identification value is entered incorrectly. This can also occur when the person supplying the biometric signature is not operating the device 203 properly. In these cases, a failure to match results in a responsive action such as prompting the patient to re-enter identification information or to repeat the actions involved in capturing a biometric signature. When these actions are re-performed, it can be once again determined whether a match exists.
Of course, in some instances a captured biometric signature will fail to match a reference record because the human being that is submitting the captured biometric signature is different from the human being that submitted the reference record. In such a situation, although a higher likelihood of fraud exists, the present invention does not attempt to notify a health care provider or restrict access to the health care services. Instead, an event record is created that indicates the variance or exception condition to signify that a match was not found. An event record with an exception condition recorded will readily indicate a reimbursement claim that should be treated with special attention.
In some cases it is valuable to be able to verify that a patient was not only present at the healthcare provider's location, but also that the patient was present for a certain amount of time. For example, if a treatment should require thirty minutes to perform, the patient will be present for the entire thirty minutes. In these cases, a patient may be prompted to submit biometric signature data at the beginning and ending of a visit, or at several times during the visit when appropriate. The visit is then recorded by multiple event records, or by a single event record that indicates a time during the visit as well as an extent of time for the visit. Although such an implementation is a slight imposition on the patient, it creates a greater disincentive to fraud. Moreover, such data can be used to detect new types of fraud such as a practice of submitting claims for a complex treatment when in fact a simpler procedure was used. Also, event records for a given health care provider can be audited to determine whether claims are being submitted for multiple patients who were being treated at the same time, or for submitting multiple claims where the aggregate time spent providing treatment is greater than the actual time spent at the health care facility.
Significantly, because it is contemplated that the healthcare services will be provided whether or not an acknowledge is received, it is acceptable to delay transmission of event records and/or enrollment records to well after the patient visit. In contrast, some prior systems that condition providing services upon receiving an authentication of the patient become extremely dependent on receiving an acknowledgment in real time. Further, because it is contemplated that the healthcare services will be provided whether or not a biometric signature match is determined, the present invention is very robust in response to errors, delays, equipment failures and communication difficulties that might otherwise interfere with a time-sensitive decision as to whether care should be provided.
In each of the embodiments shown in
In the first model shown in
In the second model shown in
In the third model shown in
In a fourth model shown in
The systems and methods of the present invention have broad applicability outside of the health care claims processing industry. In a sense, the present invention can be used like a watchman's clock to create a record that verifies the location of a particular person at a particular location and time. There is a growing problem, for example, in government provided services such as child protective services and parolee monitoring caused by government officials that fail to visit their wards when they are supposed to. The present invention is readily implemented in a handheld device in which the time and location of a meeting with a protected child, for example, can be recorded by scanning the fingerprint of the child. This system would operate to verify meetings with parolees or other persons for which there is a responsibility to monitor. These devices can be readily integrated with location devices and software, such as global positioning systems, to provide information about the location of such meetings.
Although the invention has been described and illustrated with a certain degree of particularity, it is understood that the present disclosure has been made only by way of example, and that numerous changes in the combination and arrangement of parts can be resorted to by those skilled in the art without departing from the spirit and scope of the invention, as hereinafter claimed.